1. Who we are
WITAL.AI (“WITAL”, “we”, “us”) is operated by WooSee Limited, a company registered in England and Wales (company number 14364528). Our registered address is 71–75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom. We are registered with the UK Information Commissioner’s Office under registration number ZB532687.
We are the data controller for the personal data described in this policy. You can contact us at solo@woosee.pro for any privacy-related matter.
2. Scope
This policy covers WITAL.AI across all delivery channels: the web application at wital.ai, the iOS app (“AI Weather (WITAL)” on the App Store), and the Android app on Google Play. WITAL is a weather forecasting service that uses AI to generate plain-language forecast summaries.
3. What data we collect
Data you provide
| Data | When | Purpose |
|---|---|---|
| Email address | Signup, or provided by your OAuth provider | Account identity, account-related notifications (verification, password reset) |
| Display name | Provided by your OAuth provider (optional) | Personalisation in the app UI |
| Password (hashed) | Email-password signup | Authentication. Passwords are one-way hashed with bcrypt; we never store the plain-text value. |
| Selected city / saved locations | When you search or save a location | Generating your forecast |
| Notification preferences (times, channels, language) | When you enable notifications | Delivering scheduled forecast notifications |
Data collected automatically
| Data | Source | Purpose |
|---|---|---|
| Device location (approximate or precise) | Your device, only when you tap “use my location” or allow location for current-location forecasts | Generating a forecast for your current position. Coordinates are used for the request only and are not persisted on our servers. |
| Advertising identifier (IDFA on iOS, AAID on Android) | Your device, only if you consent to personalised ads via the in-app consent prompt | Ad personalisation and frequency-capping via Google AdMob. If you decline personalisation, only non-personalised ads are served. |
| Push notification token (APNs or FCM) | Your device, only if you enable push notifications | Delivering scheduled forecast notifications to your device |
| Internal user ID | Generated on signup | Linking your records across our systems |
| Access logs (IP, user-agent, request path, timestamp) | Our servers and CloudFront CDN | Security, fraud detection, and operational monitoring |
| Crash reports and performance diagnostics | Google Play (Android) and the Expo runtime | Diagnosing crashes and app performance problems |
Data we do not collect
WITAL does not collect financial information, health or fitness data, messages, photos or videos, audio, files, calendar entries, contacts, web browsing history, or other user-generated content (UGC).
4. How we use your data
- Service delivery — generating forecasts, delivering notifications you’ve opted into, keeping you signed in.
- Personalisation — showing your saved locations, remembering preferences.
- Ad-supported free tier — serving ads through Google AdMob. Ads are personalised only with your consent (collected via the in-app UMP prompt on first launch).
- Security and abuse prevention — request-rate monitoring, detection of unusual sign-in patterns, audit logs.
- Service improvement — crash reports and diagnostics help us fix bugs; aggregated usage metrics help prioritise features.
- Legal compliance — responding to lawful requests from authorities.
5. Third parties we share data with
We share data only with the providers needed to run WITAL, and only the minimum they need. We do not sell your data, and we do not share it with data brokers or marketing companies.
| Provider | Data shared | Purpose |
|---|---|---|
| Google AdMob (Google Ireland Ltd) | Advertising identifier, interaction data with ads | Ad serving, with non-personalised ads as the fallback if you decline consent |
| Apple Push Notification service (Apple Inc.) | APNs device token, notification payload | Delivering push notifications to iOS devices |
| Firebase Cloud Messaging (Google LLC) | FCM device token, notification payload | Delivering push notifications to Android devices |
| Amazon Web Services (AWS) | All personal data listed above, as our cloud host | Hosting, database, email delivery (Simple Email Service), content delivery (CloudFront), AI inference (Bedrock) |
| Telegram (Telegram FZ-LLC) | Telegram user ID and chat ID, only if you connect Telegram notifications | Delivering notifications via Telegram |
When you sign in with Google, Apple, or Facebook, the identity information exchanged during sign-in is shared between you and that provider under their terms. We receive a verified email address (and, for Google / Apple, a display name) and a provider-specific identifier. No other data is transferred to those providers from our side unless you explicitly initiate it.
AI-generated forecast text is produced by an AWS Bedrock large-language model. The only data sent to the model is your requested location and technical forecast parameters — no personal identifiers.
6. Data retention
| Data | Retention |
|---|---|
| Account data (email, name, preferences, saved locations, devices) | Until you delete your account |
| Query-time location (lat/long) | Not stored — used only for the immediate forecast request |
| Push notification tokens | Until notifications are disabled, the token becomes invalid, or account deletion |
| CDN and server access logs | 90 days |
| Email suppression (unsubscribe) list | Up to 2 years, to comply with CAN-SPAM and similar anti-spam laws |
| Transactional email metadata (AWS SES) | Per AWS’s standard retention policy |
| Encrypted database backups | Up to 35 days |
7. Account deletion
You can delete your account at any time from Settings → Delete Account, or by visiting our account deletion page. Deletion removes your profile, linked OAuth accounts, preferences, devices, and notification schedules. Retained items are limited to the unsubscribe list, anonymised access logs, and backups that age out per the schedule above.
8. Your rights
Under the UK GDPR and the EU GDPR, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data (“right to be forgotten”)
- Restrict or object to our processing
- Portability (receive your data in a machine-readable format)
- Withdraw consent at any time (for processing based on consent)
- Complain to a supervisory authority — in the UK, the Information Commissioner’s Office
To exercise any of these rights, email us at solo@woosee.pro. We respond within 30 days.
9. Legal bases for processing
- Contract — processing necessary to provide the service you signed up for (account, forecasts, saved locations).
- Consent — personalised advertising, push notifications, precise location access, optional Telegram integration.
- Legitimate interests — security, fraud prevention, service diagnostics, preventing abuse of our infrastructure.
- Legal obligation — responding to valid legal requests.
10. Security
- All data in transit is encrypted with TLS 1.2+.
- Database storage is encrypted at rest (AWS-managed keys).
- Secrets are held in AWS Systems Manager Parameter Store as encrypted SecureStrings.
- Passwords are one-way hashed with bcrypt; we never store the plain-text value.
- Access to production systems uses least-privilege IAM roles and is logged.
- A Web Application Firewall protects our CloudFront distribution against common attacks.
11. Children’s privacy
WITAL is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact solo@woosee.pro and we will delete it.
12. International transfers
Our primary infrastructure is hosted in the United Kingdom and the European Economic Area (AWS London, eu-west-2). Some sub-processors (Google AdMob, Apple, Telegram) operate globally and may transfer data outside the UK / EEA. Those transfers are covered by appropriate safeguards (Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable).
13. Automated decision-making
AI-generated forecast text is produced automatically, but it does not have a legal or similarly significant effect on you, so it is not “automated decision-making” in the GDPR Article 22 sense. Ad personalisation is automated and is based on signals from your device’s advertising identifier; you can disable it via the in-app consent prompt or in your device settings.
14. Cookies and local storage
The WITAL web app uses browser local storage (not cookies) to hold your login session token and preferences. No third-party tracking cookies are used on the WITAL marketing site. AdMob inside the native apps uses native device advertising identifiers, not web cookies.
15. Changes to this policy
We may update this policy to reflect changes in our service or legal requirements. The “Last updated” date at the top always reflects the latest version. Material changes are announced in-app or by email to registered users.
16. Contact
Privacy questions, requests, or complaints:
WooSee Limited
71–75 Shelton Street, Covent Garden
London WC2H 9JQ, United Kingdom
Email: solo@woosee.pro
ICO registration: ZB532687